
How does OAuth work with major platforms, e.g. FB and Google?


We've seen many mobile apps where we are allowed to log in to their service with third-party social media platforms, e.g. Google, Facebook.


However, as I'm seeking to build my own platform that uses third-party SSO, I have been reading up on OAuth requiring an authentication server. This diagram (emphasis mine)


What I'm unsure about is where do Google and FB come in?


Solution

  • In the scenario you describe, {Google, Facebook} acts as an identity provider. More precisely, they act as OAuth 2.0 authorization servers. In the case of Google, they also conform their OAuth2 implementation to the OpenID specification, allowing them to provide you with both authentication and authorisation.

    No need to know the ins and outs of the OAuth2 protocol, just keep in mind that it's a protocol that guarantees that you are authenticated with the right permission.

    Google provides good documentation of the protocol flow and, most importantly, a playground to understand it live.

    Note that we also have different kinds of identity providers to implement SSO. We have SAML identity providers such as Okta or Keycloak. Different protocol, different purpose (more enterprise oriented).
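The flow the answer refers to, with Google in the authorization-server role, as an added example that is not code from the post: the app redirects the user to Google's authorization endpoint with a PKCE challenge and a per-attempt state, accepts the callback only if the state matches, and builds the token-exchange request. The two Google endpoint URLs are assumed to be Google's current public ones; the client id, redirect URI and callback URL are constructed placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"  # assumption: Google's public endpoints
GOOGLE_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def code_challenge_for(verifier: str) -> str:
    """RFC 7636 S256 method: challenge = base64url(sha256(verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())

def make_pkce_pair():
    """Fresh, unguessable verifier for one login attempt, plus its challenge."""
    verifier = b64url(secrets.token_bytes(32))  # 43 URL-safe characters
    return verifier, code_challenge_for(verifier)

def build_authorization_url(client_id, redirect_uri, state, code_challenge):
    """Step 1: send the user's browser to Google's authorization server."""
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",  # 'openid' makes this an OpenID Connect request
        "state": state,                   # random per attempt; checked again in step 2
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{GOOGLE_AUTH_ENDPOINT}?{urlencode(params)}"

def parse_callback(callback_url, expected_state):
    """Step 2: Google redirects back with ?code=...&state=...; accept the code only
    if the state matches the one this app generated (rejects injected callbacks)."""
    qs = parse_qs(urlparse(callback_url).query)
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: callback does not belong to our request")
    if "error" in qs:
        raise ValueError("authorization server returned: " + qs["error"][0])
    return qs["code"][0]

def token_request_body(client_id, redirect_uri, code, code_verifier):
    """Step 3: form body to POST to GOOGLE_TOKEN_ENDPOINT (the request itself is not sent here)."""
    return {"grant_type": "authorization_code", "client_id": client_id,
            "redirect_uri": redirect_uri, "code": code,
            "code_verifier": code_verifier}  # proves this is the app that started step 1
```

Google's response to step 3 includes an ID token when `openid` was requested; validating its signature and claims is the authentication half the answer mentions.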